Thursday, October 01, 2009

SOFTWARE: Recovering From Self-Inflicted Virus Attack

I'm not dead. Not even really sick, although I do have yet another visit to the doctor's coming up Monday. Just been snowed under by THE PROJECT FROM ... well my best-paying client.

This doesn't signal a return to blogging. That's probably a month away. I've got things to say about the Argos, my baseball team, my former baseball team, hockey, books, the fall TV season, etc. Just not right now. What I DO have to say right now is all about fixing my latest stupid waste of time.

I thought I was updating one of my utilities earlier today and clicked on the wrong file name. That's wrong as in the WRONG file, and wrong as in, I got hammered for doing so. Something tried to squirm onto my system and succeeded partially. My defences stopped most of it. But not all of it. I had to uninstall one program and then I rebooted. And things went south from there.

Eventually, the solution was searching out two different files and renaming them. The first was wmiprvse.exe, which existed in five places in my C:\Windows folder. THREE of them were on the list of right-sized versions of the file. TWO weren't on the good list. And the key one was in C:\Windows\System32\WBEM. That one kept giving me error messages complaining that wmiprvse.exe couldn't reference memory. We're talking about an error dialog about every ten seconds, or so. I DID stop the program running. It's a service and it's on the Microsoft Trusted list. Hah!

I think I tried about a dozen reboots in all and kept getting this message, EVEN before logging in, during each reboot. I tried uninstalling this, deleting that. I was seriously thinking about dunkirking the drive and restoring an eight-day-old copy of drive C:\. But I eventually renamed the wmiprvse.exe's in WBEM and C:\Windows\System32\DLLcache. On the next reboot, Windows copied GOOD versions to those locations from one of the three places where such files hid. And the error message went away!!!

Only to be replaced by annoyingly similar complaints about LogonUI.exe. It couldn't reference memory either! I turned the air blue for a bit and did the same search I'd done for its predecessor on my hate list. Once again, I found a couple of correctly-sized versions and one oddly-sized one in System32. I renamed that one and rebooted. Twice. And NO MORE $#&@^)@#&$ programs complaining about not being able to reference memory.
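The check described above (find every copy of the file, compare them, single out the odd ones), as an added example that is not part of the original post. It compares SHA-256 digests as well as sizes, which goes beyond the size comparison the post describes; the function names, the `known_good` parameter and the sample directory tree are assumptions made up for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def find_copies(root, filename):
    """All paths under root named filename (case-insensitive, as on Windows)."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        hits += [os.path.join(dirpath, f) for f in files if f.lower() == filename.lower()]
    return sorted(hits)


def sha256_of(path):
    with open(path, "rb") as fh:
        return hashlib.sha256(fh.read()).hexdigest()


def odd_copies(root, filename, known_good=None):
    """Map each copy that fails the reference check to (size, sha256).

    known_good is a set of trusted SHA-256 digests. Without it, the most common
    digest is used as the reference: a heuristic that fails if most copies changed.
    """
    by_hash = defaultdict(list)
    for path in find_copies(root, filename):
        by_hash[sha256_of(path)].append(path)
    if not by_hash:
        return {}
    if known_good is None:
        known_good = {max(by_hash, key=lambda d: len(by_hash[d]))}
    return {p: (os.path.getsize(p), d)
            for d, paths in by_hash.items() if d not in known_good for p in paths}


def demo():
    """Constructed tree: three identical copies and two altered ones."""
    root = tempfile.mkdtemp()
    layout = {"good1": b"A" * 400, "good2": b"A" * 400, "good3": b"A" * 400,
              "System32/wbem": b"B" * 360, "System32/dllcache": b"B" * 360}
    for sub, data in layout.items():
        os.makedirs(os.path.join(root, sub))
        with open(os.path.join(root, sub, "wmiprvse.exe"), "wb") as fh:
            fh.write(data)
    return root, odd_copies(root, "wmiprvse.exe")


if __name__ == "__main__":
    print(demo()[1])
```

Passing `known_good` digests taken from trusted install media is the safer mode, since the majority vote only works while the altered copies are outnumbered.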

So, I'm out four, almost five hours, of fixing something that came about purely for being sloppy at clicking away on links on websites (And yes, I alerted the website and the infected file is no longer available). Sure, I got spanked for that sloppiness. And yes, I could have restored the C:\ drive backup in about an hour, without losing much of anything (remember, I don't install or save anything TO C:). And I really couldn't afford the time. But all in all, not a horrible outcome.

And the reason I'm admitting to this screwup? I'll do it again sometime in the future. And I'll be able to come here for the solution.

See ya in 30. Or thereabouts.
